Analysis

  • max time kernel
    90s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/08/2023, 15:17

General

  • Target

    Verificación de pago Expediente de Cobro No. 108225.__2023153003567221.eml

  • Size

    15KB

  • MD5

    82c47c52e7ee7f21697b2c26219b926d

  • SHA1

    47aced1fd363786f3c1366e7b904a16d402a6455

  • SHA256

    96ecec7c6f4ad93ea6ad4f8f2d812d435aff23ea47df091837b5496b60410903

  • SHA512

    1bc2a0e303a0135d763dc78e6be28197d94c95107997c9f3bd2dd3a1148490a49ae4465f381d5e0c86eae5bc73c8b81ed021c9645b4fff3e3449de7993baf02a

  • SSDEEP

    384:9JcWl2ZhuPEGgRC9Q8JfMW2o+/AiTJrUJ4AL11TdP8Jqb:1qA8GdQET2jDN8L1bP5

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class (2 IoCs)
  • NTFS ADS (1 IoC)
  • Suspicious use of SetWindowsHookEx (1 IoC)

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Verificación de pago Expediente de Cobro No. 108225.__2023153003567221.eml"
    • Modifies registry class
    • NTFS ADS
    PID:740
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4140

Network

MITRE ATT&CK Enterprise v15

Downloads